ANDROID: fips140: remove CONFIG_CRYPTO_FIPS140 option
There is no good reason for the CRYPTO_FIPS140 kconfig option to exist
separately from CRYPTO_FIPS140_MOD. It existed mainly to guard some
code in the module loader that was needed only for loading the fips140
module. However, that code has been removed, since an alternate
solution that doesn't require changes to the module loader was found.
The remaining references to CRYPTO_FIPS140 are in:
- scripts/module.lds.S. But the guarded code only affects building the
fips140 module, so CRYPTO_FIPS140_MOD should be used here instead.
- lib/crypto/, for guarding the Android vendor hooks required by the
fips140 module. However, Android vendor hooks are already guarded by
ANDROID_VENDOR_HOOKS. The extra guard by CRYPTO_FIPS140 isn't useful,
especially since CRYPTO_FIPS140 was effectively hardcoded to y anyway.
It did have the side effect of making the hooks be guarded by arm64,
which excluded them from builds of arch/x86/purgatory/. However, a
cleaner way to accomplish that is to check for __DISABLE_EXPORTS,
which handles both arch/x86/purgatory/ and fips140.ko itself.
Bug: 188620248
Change-Id: Ic6141cd2a553540c2bf95774e71de7310926e3ce
Signed-off-by: Eric Biggers <ebiggers@google.com>
diff --git a/crypto/Kconfig b/crypto/Kconfig
index a08d571..1c769d4 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -33,15 +33,9 @@
certification. You should say no unless you know what
this is.
-# CRYPTO_FIPS140 just enables the support in the kernel for loading fips140.ko.
-# The module still needs to be built and loaded if you need FIPS 140 compliance.
-config CRYPTO_FIPS140
- def_bool y
- depends on MODULES && ARM64 && ARM64_MODULE_PLTS
-
config CRYPTO_FIPS140_MOD
bool "Enable FIPS 140 cryptographic module"
- depends on LTO_CLANG && CRYPTO_FIPS140
+ depends on MODULES && ARM64 && ARM64_MODULE_PLTS && LTO_CLANG
help
This option enables building a loadable module fips140.ko, which
contains various crypto algorithms that are also built into vmlinux.
diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c
index 6a8b70a..5fc78e5 100644
--- a/lib/crypto/aes.c
+++ b/lib/crypto/aes.c
@@ -190,7 +190,7 @@ int aes_expandkey(struct crypto_aes_ctx *ctx, const u8 *in_key,
u32 rc, i, j;
int err;
-#if defined(CONFIG_CRYPTO_FIPS140) && !defined(BUILD_FIPS140_KO)
+#ifndef __DISABLE_EXPORTS
err = -(MAX_ERRNO + 1);
trace_android_vh_aes_expandkey(ctx, in_key, key_len, &err);
if (err != -(MAX_ERRNO + 1))
@@ -269,7 +269,7 @@ void aes_encrypt(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in)
int rounds = 6 + ctx->key_length / 4;
u32 st0[4], st1[4];
int round;
-#if defined(CONFIG_CRYPTO_FIPS140) && !defined(BUILD_FIPS140_KO)
+#ifndef __DISABLE_EXPORTS
int hook_inuse = 0;
trace_android_vh_aes_encrypt(ctx, out, in, &hook_inuse);
@@ -327,7 +327,7 @@ void aes_decrypt(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in)
int rounds = 6 + ctx->key_length / 4;
u32 st0[4], st1[4];
int round;
-#if defined(CONFIG_CRYPTO_FIPS140) && !defined(BUILD_FIPS140_KO)
+#ifndef __DISABLE_EXPORTS
int hook_inuse = 0;
trace_android_vh_aes_decrypt(ctx, out, in, &hook_inuse);
diff --git a/lib/crypto/sha256.c b/lib/crypto/sha256.c
index ae9be0e..3f04750 100644
--- a/lib/crypto/sha256.c
+++ b/lib/crypto/sha256.c
@@ -201,7 +201,7 @@ void sha256(const u8 *data, unsigned int len, u8 *out)
{
struct sha256_state sctx;
-#if defined(CONFIG_CRYPTO_FIPS140) && !defined(BUILD_FIPS140_KO)
+#ifndef __DISABLE_EXPORTS
int hook_inuse = 0;
trace_android_vh_sha256(data, len, out, &hook_inuse);
diff --git a/scripts/module.lds.S b/scripts/module.lds.S
index 37a3640..4af529e 100644
--- a/scripts/module.lds.S
+++ b/scripts/module.lds.S
@@ -33,7 +33,7 @@
__patchable_function_entries : { *(__patchable_function_entries) }
-#ifdef CONFIG_CRYPTO_FIPS140
+#ifdef CONFIG_CRYPTO_FIPS140_MOD
/*
* The FIPS140 module incorporates copies of builtin code, which gets
* integrity checked at module load time, and registered in a way that